[SAC] Wiki LDAP Migration

[Martin Spott]

On Mon, Mar 09, 2009 at 11:47:26AM -0700, Jason Birch wrote:

> I really think that it would be unwise to allow LDAP authentication in
> plain text.

Indeed, by hooking the Wiki authentication onto LDAP we're actually
about exposing our one-fits-all OSGeo accounts to MediaWiki's
trustworthiness. Establishing SSL encryption in the autherntication
handshake should probably considered to be the first step _before_ we
hook all this onto the LDAP directory.
Nevertheless, it's certainly a good idea to add a hook to the LDAP
directory.

We currently have approx. 3k5 pages and 1183 users have done edits.
Every user is being identified by a nickname plus a numeric, this is
easily modifiable in the XML dump. I propose to start by translating
those existing Wiki users into LDAP users which had been supplying a
real name and thus allow easy identification of the respective
counterpart. Those users that remain unclear, which might result in a
pretty large share in the beginning, are going to have a new LDAP user
account added that serves for Wiki authentication only.

Over the time we might ask OSGeo and/or Wiki users to supply a real
name if they did not already do so and thus manage to merge more and
more users.

On Sun, Mar 08, 2009 at 09:48:42AM -0400, Christopher Schmidt wrote:

> Martin, I believe that the most recent effort in this regard was yours;
> can you comment on the current state? Is my memory correct? Would you
> be willing to help migrate this authentication mechanism?

Definitely. I think I should set up another, mostly private Wiki just
for the purpose of checking how LDAP-authenticated users are going to
show up in the XML dump, thus to get some experience about how this
Wiki LDAP authentication had been designed.

Cheers,
	Martin.
-- 
 Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------